Preventing data from being submitted to a remote system in response to a malicious e-mail

Abstract

An electronic message manager (100) examines (210) incoming electronic messages and determines (220) whether an incoming electronic message comprises at least one suspect link associated with a remote system. In response to the determination (220) that the incoming message comprises at least one suspect link, the electronic message manager (100) replaces (230) each suspect link with a redirection link. In response to a user attempting (240) to connect to the remote system by clicking on the redirection link, the electronic message manager directs the user to a remote analysis site for deciding (260) whether that incoming message comprises a phishing message.

Description

TECHNICAL FIELD[0001]The present invention relates generally to computer security, and more particularly to preventing the submission of data in response to a malicious e-mail message.BACKGROUND ART[0002]Phishing is a fraudulent activity that attempts to elicit personal, confidential, and / or financial information from unwitting victims. Phishing generally entails sending large numbers of electronic messages that fraudulently claim to be from a legitimate organization instructing the recipient to click on a link that leads to an official-looking yet bogus website. Once there, the user is encouraged to input confidential information such as credit card, Social Security, and / or bank-account numbers. The electronic message and the bogus website typically appear authentic, and may convey a message such as “the bank has lost some records and needs to verify information.” The site typically includes an electronic form into which the user is directed to enter the requested information. The ...

AI Technical Summary

Benefits of technology

[0006]Methods, systems, and computer-readable media prevent data from being submitted to a remote system responsive to a malicious electronic message. An electronic message manager (100) examines (210) incoming electronic messages and determines (220) whether an incoming message comprises at least one suspect link associated with a remote system. In response to the determination (220) that the incoming message comprises at least one suspect link, the electronic message manager (100) replaces (230) each suspect link with a redirection link. In response to a user attempting (240) to connect to the remote system by clicking on the redirection link, the electronic message manager (100) directs the user to a remote analysis site for deciding (260) whether that incoming message comprises a phishing message.

Problems solved by technology

Phishing is a fraudulent activity that attempts to elicit personal, confidential, and / or financial information from unwitting victims.

The frequency of phishing campaigns is increasing at a dramatic and alarming rate.

Counter measures to protect users from phishing have achieved limited success.

Unfortunately, when a phishing attack is successful, the user believes that they are transmitting their confidential information to a reputable website, thus circumventing the intervention and causing the user to authorize the release of sensitive information to what is actually an illicit destination.

For example, there is nothing to prevent a fraudulent party from acquiring the electronic message address of Citibankhelp.com, unless that electronic message has already been reserved by Citibank or some other party.

Images